6 matches found
CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
CVE-2025-14507
CVE-2025-14507 — EventPrime for WordPress suffers unauthenticated sensitive information exposure via the REST API in all versions up to and including 4.2.7.0. Unauthenticated attackers could exfiltrate booking data (user names, emails, ticket details, payment information, and order keys) when the...
CVE-2020-10100
An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket da...
Design/Logic Flaw
An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket da...
CVE-2002-0931
Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a 1 Title or 2 Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the 3...